I'm configuring exim4 for virtual users with Dovecot and PostgreSQL, and I've got a problem I cannot resolve. The situation is this:
When a 'localdomain' user tries to send an email to another 'localdomain' user or a foreign user, I need them to authenticate; otherwise the operation should be refused.
Practically, I'm trying to avoid any type of SMTP open relay.
Actually the SMTP works fine; I just need to set that requirement, and I can't find the correct way to configure exim to get this behavior (is it an ACL, a route, or a transport rule?).
How could I define this configuration?
Example 1
220 my-server ESMTP Exim 4.84 Thu, 31 Mar 2016 22:26:28 +0000
ehlo localhost
250-my-server Hello localhost [192.168.1.X]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
mail from: a@my-server.com
250 OK
rcpt to: b@my-server.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
this must not happen, the user 'a@my-server.com' is not authenticated, he must not be able to send any message yet until of use of 'auth login' or 'auth plain' because is a user of local domains.
.
250 OK id=1all3Q-0004l2-V4
Example 2
220 my-server ESMTP Exim 4.84 Thu, 31 Mar 2016 22:58:56 +0000
ehlo localhost
250-my-server Hello localhost [192.168.1.X]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
mail from: a@anotherserver.com
250 OK
rcpt to: user@my-server.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
this is already valid.
.
250 OK id=1allZR-00050E-Sq
ACL RCPT-TO Config File
acl_check_rcpt:

  # Accept mail received without TCP/IP (empty sending host), i.e. local submission
  accept
    hosts = :
    control = dkim_disable_verify

  .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
  deny
    domains = +local_domains
    local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
    message = restricted characters in address
  .endif

  .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
  deny
    domains = !+local_domains
    local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
    message = restricted characters in address
  .endif

  # Always accept mail for postmaster in local and relay-to domains
  accept
    .ifndef CHECK_RCPT_POSTMASTER
    local_parts = postmaster
    .else
    local_parts = CHECK_RCPT_POSTMASTER
    .endif
    domains = +local_domains : +relay_to_domains

  .ifdef CHECK_RCPT_VERIFY_SENDER
  deny
    message = Failed!
    !acl = acl_local_deny_exceptions
    !verify = sender
  .endif

  deny
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_callout}\
                         {CONFDIR/local_sender_callout}\
                   {}}
    !verify = sender/callout

  # Hosts allowed to relay without authenticating
  accept
    hosts = +relay_from_hosts
    control = submission/sender_retain
    control = dkim_disable_verify

  # Authenticated clients may relay anywhere
  accept
    authenticated = *
    control = submission/sender_retain
    control = dkim_disable_verify

  # Everyone else may only send to local or relay-to domains
  require
    message = Relay denied!
    domains = +local_domains : +relay_to_domains

  require
    verify = recipient

  deny
    !acl = acl_local_deny_exceptions
    recipients = ${if exists{CONFDIR/local_rcpt_callout}\
                            {CONFDIR/local_rcpt_callout}\
                      {}}
    !verify = recipient/callout

  deny
    message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    senders = ${if exists{CONFDIR/local_sender_blacklist}\
                   {CONFDIR/local_sender_blacklist}\
                   {}}

  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}

  accept
    domains = +relay_to_domains
    endpass
    verify = recipient

  accept
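
One way to express the requirement described in the question, as an added example that is not part of the original post: an ACL statement that refuses any unauthenticated session whose envelope sender is in a local domain. It assumes `my-server.com` is a member of the `local_domains` list used in the ACL above; the rejection text is a constructed sample.

```exim
# Added example (not from the original post).
# Place inside acl_check_rcpt, directly after the first statement
#
#   accept
#     hosts = :
#
# so that messages submitted locally without TCP/IP are still accepted,
# and before every other accept, so neither +relay_from_hosts nor a
# local recipient domain lets the message through first.

  deny
    # Constructed rejection text; Exim answers RCPT with a 550 by default
    message        = Authentication required to send as $sender_address
    # Envelope sender (MAIL FROM) is in one of our own domains.
    # Assumption: my-server.com is listed in local_domains.
    sender_domains = +local_domains
    # The session has not completed AUTH PLAIN / AUTH LOGIN
    !authenticated = *

# Effect on the two sessions in the question:
#   Example 1: MAIL FROM a@my-server.com without AUTH
#              -> RCPT TO is refused; accepted once the client authenticates.
#   Example 2: MAIL FROM a@anotherserver.com to user@my-server.com
#              -> sender domain is not local, the statement does not match,
#                 and the rest of the ACL handles the message as before.
```

Because the match is on the envelope sender, mail arriving from outside with a local-domain MAIL FROM (for example from a forwarder that keeps the original envelope sender) is refused as well.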